Nimbus SRP

The most complete and versatile Java library for Secure Remote Password
authentication

Convenient client and server-side session classes

No external package dependencies

Secure Remote Password authentication

Secure Remote Password (SRP) is an ingenious authentication method where the
password remains private to the user at all times and never has to be
communicated beyond their computer; instead, what client and server exchange is
a series of cryptographically secured messages.

Merits of the SRP protocol:

Zero-knowledge password proof: the password remains private to the user at
all times and is never shared with the authenticating server. This greatly
reduces the risk of password leakages caused by Heartbleed and similar
incidents.

May be used for mutual authentication and to establish a secret session key
for encrypted communication.

A mutually trusted third party is not required.

The Secure Remote Password protocol was devised by Tom Wu during his work at
Stanford University. He maintains a web page with
academic papers on SRP and links to RFCs and implementations. Another good
source of information is the Wikipedia SRP article.

The most complete and versatile SRP-6a Java library

Nimbus SRP was created to address deficiencies in existing open source Java
implementations, which became apparent during a project to add SRP
authentication to the Json2Ldap web service for LDAP directory access.

Customisable at all levels: Allows application-specific tuning of all
security parameters. With Nimbus SRP you can use your preferred ‘N’ / ‘g’
crypto parameters and hash algorithm (SHA-1, SHA-256, PBKDF2, …). You can
also define your custom routines for the password key ‘x’ as
well as for the client and server evidence messages ‘M1’ and ‘M2’.

Transport independence: No assumptions are made about how the SRP
protocol messages are communicated between client and server.

Interoperability: Can be easily made to work with other server or client
SRP implementations, for example if you’re using browser-based JavaScript
clients.

Small and efficient: The JAR is just 32 KB and has no external
dependencies.
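
The SRP-6a exchange described above, worked through end to end as an added example: this is not code from the Nimbus SRP library and does not use its API. It assumes the RFC 5054 1024-bit group for 'N' / 'g', SHA-256 as the hash, x = H(s | P), M1 = H(A | B | S) and M2 = H(A | M1 | S); all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: RFC 5054 1024-bit group (N, g) and SHA-256 as H.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
LEN = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-256 over the parts; ints are left-padded to the byte length of N."""
    data = b"".join(p.to_bytes(LEN, "big") if isinstance(p, int) else p for p in parts)
    return hashlib.sha256(data).digest()

def Hi(*parts):
    return int.from_bytes(H(*parts), "big")

k = Hi(N, g)  # SRP-6a multiplier k = H(N | PAD(g))

def compute_x(salt, password):
    return Hi(salt, password.encode())  # simplest form x = H(s | P)

def register(password):
    """Runs on the client; the server stores only (salt, v), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, compute_x(salt, password), N)

def authenticate(password, salt, v):
    """Simulate one login; returns (server_ok, client_ok, K_client, K_server)."""
    a, b = (secrets.randbelow(N - 1) + 1 for _ in range(2))  # ephemeral secrets
    A = pow(g, a, N)                                # client -> server
    B = (k * v + pow(g, b, N)) % N                  # server -> client (with salt)
    u = Hi(A, B)
    if A % N == 0 or B % N == 0 or u == 0:          # each side must abort on these
        raise ValueError("illegal SRP value")
    x = compute_x(salt, password)
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # client premaster secret
    M1 = H(A, B, S_c)                               # client -> server evidence
    S_s = pow(A * pow(v, u, N) % N, b, N)           # server premaster secret
    server_ok = hmac.compare_digest(M1, H(A, B, S_s))
    M2 = H(A, M1, S_s) if server_ok else None       # sent only after M1 verifies
    client_ok = M2 is not None and hmac.compare_digest(M2, H(A, M1, S_c))
    return server_ok, client_ok, H(S_c), H(S_s)
```

Only the salt, A, B, M1 and M2 cross the wire; a wrong password makes M1 fail on the server, so no M2 is released and the two session keys differ.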